US20130276128A1 - Secure option rom firmware updates - Google Patents
- Publication number
- US20130276128A1 (US13/445,363)
- Authority
- US
- United States
- Prior art keywords
- option rom
- update
- information handling
- handling system
- option
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Definitions
- the present invention relates in general to the field of information handling system firmware updates, and more particularly to information handling system secure option ROM firmware updates.
- An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information.
- information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated.
- the variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications.
- information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
- Information handling systems are typically built from a variety of components that cooperate to process information.
- a central processing unit runs applications to perform desired functions, such as word processing, multimedia content presentation, web browsing and e-mail.
- End users interact with applications through a variety of auxiliary subsystems built from the components.
- Auxiliary subsystems input information for use by the applications and present information processed by the applications.
- Some examples of auxiliary subsystems include a video subsystem that processes information to generate visual image information for presentation at a display, SCSI subsystems that support communications with storage devices such as hard disk drives and optical drives, and network subsystems that support communications with networks to perform functions such as a PXE network boot.
- BIOS is a set of firmware instructions that run on physical components generally referred to as the chipset.
- the BIOS coordinates a boot of the operating system from persistent storage, such as a hard disk drive, to an operational state running on the CPU and also typically stored in random access memory (RAM) interfaced with the CPU.
- option ROMs are typically included to support operation of auxiliary subsystems.
- Option ROMs are autonomous pieces of firmware which control the boot and configuration of auxiliary subsystems within a platform and in some instances also serve as runtime code for some types of subsystems.
- a video BIOS option ROM is typically loaded early in boot to coordinate operations of the video subsystem with the main BIOS and operating system so that information can be presented at a display.
- Other examples of option ROMs include a SCSI BIOS option ROM that makes storage devices visible to other components during boot and a network boot ROM, such as a PXE option ROM that supports boot of the information handling system from a network interface.
- malware code executing on a physical component can compromise information stored on an information handling system and can even lead to failure of the information handling system.
- malicious code is most commonly targeted at applications and operating systems running on an information handling system
- successful attacks by malicious code on an information handling system's firmware present a high risk because firmware runs at a more privileged level than most anti-malware tools available today.
- a number of secure platform initiatives have been initiated, such as NIST 800-147, which strive to protect the main platform BIOS from malicious attack.
- these efforts generally do not address security issues related to all pieces of firmware, such as option ROMs.
- Some efforts are made to protect option ROMs from malicious code during updates of option ROM firmware.
- One way of protecting option ROMs is to write-protect the option ROM to prevent any updates to the firmware code.
- Another way to protect option ROMs is to allow updates only through an option ROM subsystem code which initiates an update and connects directly with an update source.
- a third way to protect option ROMs is to program option ROM firmware to allow an update cycle to be initiated by the host platform CPU. Having a write-protect that prevents any updates limits maintenance options for the option ROM, such as to respond to difficulties that might arise over time with the execution of firmware instructions on different types of platforms. Allowing updates managed by an external network location or a host CPU will provide option ROM maintenance but also offer attack surfaces, such as reliance on third party suppliers to provide safe updates and a secure delivery mechanism.
- a system and method are provided which substantially reduce the disadvantages and problems associated with previous methods and systems for performing option ROM firmware updates.
- Secure option ROM updates are managed with an option ROM updater that executes in conjunction with information handling system initialization firmware in a centralized manner.
- System initialization firmware, such as a BIOS, checks for an option ROM update enable bit upon system initialization and responds to detection of a bit by retrieving an option ROM update from a predetermined memory location for execution at the BIOS.
- the option ROM update executes an updater that writes updated option ROM firmware instructions to an auxiliary subsystem associated with the option ROM update enable bits.
- the option ROM updater uses a secure key to unlock a write protect of flash memory on the auxiliary subsystem that stores the option ROM so that the updated option ROM instructions can be written to the flash memory. After the updated option ROM instructions are written, the flash memory write protect is re-locked to prevent unauthorized tampering with the option ROM.
- the present invention provides a number of important technical advantages.
- One example of an important technical advantage is that secure option ROM updates are provided with a deterministic methodology that ensures the pedigree and robustness of information handling system firmware.
- Centralized control of option ROM firmware updates reduces the reliance upon third parties and suppliers to deliver secure code and increases the assurance that firmware introduced for option ROM updates does not include malicious code.
- Option ROMs appear write-protected to any malicious code that attempts to corrupt an option ROM; however, the ability to update the option ROM remains available with an update mechanism of the BIOS that authorizes removal of the write protect.
- Option ROM updates initiated with an update bit at the BIOS provide flexibility to maintain information handling system auxiliary subsystems while reducing the risk of entry of malicious code at the firmware level of the information handling system.
- FIG. 1 depicts a block diagram of a system for secure option ROM updates
- FIG. 2 depicts a flow diagram of a process for setting an information handling system BIOS option ROM update enable bits
- FIG. 3 depicts a flow diagram of a process for securely updating an option ROM.
- an information handling system may include any instrumentality or aggregate of instrumentalities operable to compute, classify, process, transmit, receive, retrieve, originate, switch, store, display, manifest, detect, record, reproduce, handle, or utilize any form of information, intelligence, or data for business, scientific, control, or other purposes.
- an information handling system may be a personal computer, a network storage device, or any other suitable device and may vary in size, shape, performance, functionality, and price.
- the information handling system may include random access memory (RAM), one or more processing resources such as a central processing unit (CPU) or hardware or software control logic, ROM, and/or other types of nonvolatile memory.
- Additional components of the information handling system may include one or more disk drives, one or more network ports for communicating with external devices as well as various input and output (I/O) devices, such as a keyboard, a mouse, and a video display.
- the information handling system may also include one or more buses operable to transmit communications between the various hardware components.
- An information handling system 10 processes information with plural components, such as a processor 12 that executes instructions and a memory 14 that stores instructions in support of operations performed on processor 12.
- a chipset 16 interfaces with processor 12 to coordinate communication on a physical level between processor 12 and other components of the information handling system, such as a video subsystem 18, a storage controller 20 and a network interface card 22, each of which are auxiliary subsystems of information handling system 10.
- Chipset 16 includes a variety of integrated circuits and flash memory that execute and store firmware instructions for managing physical components of information handling system 10.
- BIOS 24 retrieves an operating system 26 from persistent memory to run on processor 12, such as by retrieving the operating system from a hard disk drive 28 or from a network location with network interface card 22.
- a storage controller option ROM 30 executing on storage controller 20 initializes operation of storage controller 20 to provide communication between BIOS 24 and hard disk drive 28, such as with an SCSI protocol.
- PXE option ROM 32 executing on network interface card 22 initializes operation of network interface card 22 to provide communication between BIOS 24 and a network storage location having operating system 26 to support a PXE boot.
- a video subsystem option ROM 34, also known as a video BIOS, executes on video subsystem 18 to establish communication with BIOS 24 and present information from BIOS 24 at a display 36.
- Option ROM update application 38 retrieves option ROM updates and stores the option ROM updates in memory, such as an update capsule pre-primed on information handling system 10 or a defined location in memory, like a predetermined location in SMM, in RAM 14 or in hard disk drive 28.
- option ROM update application 38 periodically inquires through network 42, such as the Internet, with an option ROM update network location 44 to identify and download option ROM updates for auxiliary subsystems of information handling system 10.
- option ROM update application 38 sets option ROM update enable bits 48 in BIOS 24 for detection upon the next boot of information handling system 10.
- option ROM update application 38 initiates a boot of information handling system 10 once option ROM update enable bits 48 are set so that the option ROM update begins with system initialization by BIOS 24.
- some or all of the functions of option ROM update application 38 are performed through BIOS 24 to further enhance option ROM update security. For instance, an end user interacts with BIOS 24 to set option ROM update enable bits 48 through a system management interface 50 presented by BIOS 24 so that option ROM update enable bits 48 are not selectable through an application running over operating system 26, which typically has a greater risk of malware attacks than BIOS 24.
- option ROM update enable bits 48 are set to identify an option ROM update for an auxiliary subsystem option ROM
- a boot of information handling system 10 begins initialization of BIOS 24 and execution of option ROM updater 40 in conjunction with BIOS 24.
- Option ROM updater 40 checks the option ROM update enable bits 48 to determine whether an option ROM update is available for execution on an auxiliary subsystem before BIOS 24 initializes operating system 26. If an option ROM update enable bit 48 is set, then option ROM updater 40 initiates installation of the option ROM update on the auxiliary subsystem.
- the identity of the option ROM update enable bit provides option ROM updater 40 with the identity of the auxiliary subsystem having an option ROM update for installation.
- Option ROM updater 40 first locates the option update from memory.
- option ROM updater 40 retrieves a secure network address, such as a URL, from the option ROM stored on the auxiliary subsystem and retrieves an option ROM update from the network location.
- option ROM updater 40 retrieves a memory address from the option ROM stored on the auxiliary subsystem that defines where updates are stored in memory of information handling system 10, such as predefined address in hard disk drive 28.
- option ROM updater 40 executes a security module 52 to authenticate the option ROM update so that malware is not inadvertently copied to the auxiliary subsystem with an update.
- security module 52 authenticates the option ROM update with a PKI infrastructure, a secure hash delivered with the option ROM update or an inherent trust of a secure code repository confirmed by security module 52 .
- Once security module 52 confirms the authenticity of an option ROM update, security module 52 provides a key to a write-protect module 54 that locks and unlocks write protection of flash memory that stores the option ROM of the auxiliary subsystem subject to an option ROM update.
- write protect module 54 locks write protection at the auxiliary subsystem so that other systems cannot write to the flash memory of the auxiliary subsystem.
- write protect module 54 receives a secure key to unlock write protection at the auxiliary subsystem and option ROM updater 40 copies option ROM update 46 from memory to the auxiliary subsystem.
- Once the option ROM update is complete, the hash of the option ROM is confirmed and then write protect module 54 locks write protection of the auxiliary subsystem.
- Option ROM updater 40 may include distributed modules that cooperate between hardware components to install an option ROM update.
- option ROM updater logic residing on chipset 16 with BIOS 24 initially only checks for update enable bits 48 to determine that an option ROM update is ready.
- Other logic for preparing option ROM firmware instructions and writing the firmware instructions to flash memory of an auxiliary subsystem are stored in option ROM update 46 and executed on either BIOS 24 or on the auxiliary subsystem itself.
- logic of option ROM updater 40 detects an update enable bit 48 and, in response, retrieves option ROM update 46 to BIOS 24 .
- Option ROM update 46 includes additional logic of option ROM updater 40, which executes at the BIOS to write option ROM update firmware instructions to the auxiliary subsystem option ROM being updated.
- option ROM updater can have logical modules disposed across other hardware and firmware components.
- Option ROM updater 40 can include standardized functions to unlock write protection of an option ROM and to execute an option ROM code update.
- each auxiliary subsystem that has an updateable option ROM provides its update code upon first enumeration at an information handling system platform, such as for storage in BIOS 24 for use when an option ROM update bit is set.
- a flow diagram depicts a process for setting an information handling system BIOS option ROM update enable bits.
- the process begins at step 56 with initiation of an option ROM update application running over the operating system.
- the option ROM update application executes to determine that an option ROM update exists for an auxiliary subsystem of the information handling system.
- the option ROM update is retrieved and copied to a predetermined memory location, such as a defined address of a hard disk drive on the information handling system.
- the option ROM update application sets an option ROM update enable bit for the BIOS to read on the next initialization of the information handling system.
- the option ROM update application initiates a reboot of the information handling system, such as by requesting an end user to re-boot to install the new option ROM.
- a flow diagram depicts a process for securely updating an option ROM.
- the process begins at step 66 with detection upon system initialization of an option ROM update enable bit set in the BIOS or other system initialization firmware.
- the option ROM update is loaded to the initialization firmware for execution, such as on a processor within the system chipset that supports the BIOS.
- a determination is made of whether the option ROM update is authentic, such as by comparison with a secure hash in the option ROM update. If the option ROM update is not authentic, the process continues to step 72 to issue an option ROM update failure message and ends at step 80.
- If the determination at step 70 is that the option ROM is authentic, the process continues to step 74 to unlock the write protect of the flash memory that stores the option ROM.
- At step 76, the option ROM updater executing with the BIOS updates the option ROM firmware by writing the updated firmware in the flash memory of the auxiliary subsystem.
- At step 78, once the option ROM update is written to the auxiliary subsystem, the firmware write protection is re-enabled to prevent unauthorized changes to the option ROM, and the process ends at step 80.
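The FIG. 3 flow described above (enable-bit check, authentication, keyed unlock, write, hash confirmation, re-lock) can be modeled as a small state machine; the following is an added example, not code from the patent or from any vendor firmware. The struct and function names, the 32-byte ROM, the key value, the FNV-1a digest standing in for the secure hash, and the choice to clear the enable bit on every attempt are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ROM_SIZE 32
enum { SUBSYS_STORAGE, SUBSYS_PXE, SUBSYS_VIDEO };   /* enable-bit index per subsystem */
enum update_result { UPD_NONE, UPD_OK, UPD_AUTH_FAIL, UPD_UNLOCK_FAIL, UPD_VERIFY_FAIL };

struct aux_flash {            /* hypothetical model of a subsystem's option ROM flash */
    uint8_t  rom[ROM_SIZE];
    int      write_locked;    /* 1 = write protect engaged */
    uint32_t unlock_key;      /* value the write-protect logic accepts */
};

struct rom_update {           /* update staged at the predetermined memory location */
    uint8_t  image[ROM_SIZE];
    uint32_t digest;          /* digest delivered with the update */
};

/* FNV-1a, a stand-in for the secure hash; it is NOT collision resistant.
 * A digest shipped beside the image only authenticates the image if the
 * digest itself comes from a trusted source (for example, is signed). */
static uint32_t digest32(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

static int flash_unlock(struct aux_flash *f, uint32_t key)
{
    if (key != f->unlock_key) return -1;             /* wrong key: stay locked */
    f->write_locked = 0;
    return 0;
}

static void flash_lock(struct aux_flash *f) { f->write_locked = 1; }

static int flash_write(struct aux_flash *f, const uint8_t *src, size_t n)
{
    if (f->write_locked || n > ROM_SIZE) return -1;  /* locked flash rejects writes */
    memcpy(f->rom, src, n);
    return 0;
}

/* One pre-OS updater pass for a single auxiliary subsystem. */
enum update_result option_rom_update(uint32_t *enable_bits, int subsys,
                                     struct aux_flash *f,
                                     const struct rom_update *u, uint32_t key)
{
    uint32_t bit = 1u << subsys;
    enum update_result r = UPD_OK;

    if (!(*enable_bits & bit)) return UPD_NONE;      /* no update requested */
    *enable_bits &= ~bit;     /* assumption: the request is consumed, pass or fail */

    /* Authenticate before the key is ever presented to the flash. */
    if (digest32(u->image, ROM_SIZE) != u->digest) return UPD_AUTH_FAIL;

    if (flash_unlock(f, key) != 0) return UPD_UNLOCK_FAIL;

    if (flash_write(f, u->image, ROM_SIZE) != 0 ||
        digest32(f->rom, ROM_SIZE) != u->digest)     /* confirm what was written */
        r = UPD_VERIFY_FAIL;

    flash_lock(f);            /* re-lock on every path that unlocked */
    return r;
}

int main(void)
{
    /* Constructed sample data: old ROM is 0x11 bytes, update is 0xAB bytes. */
    struct aux_flash nic = { {0}, 1, 0xC0FFEEu };
    struct rom_update upd;
    uint32_t bits = 1u << SUBSYS_PXE;

    memset(nic.rom, 0x11, ROM_SIZE);
    memset(upd.image, 0xAB, ROM_SIZE);
    upd.digest = digest32(upd.image, ROM_SIZE);

    printf("genuine update : result=%d locked=%d\n",
           option_rom_update(&bits, SUBSYS_PXE, &nic, &upd, 0xC0FFEEu),
           nic.write_locked);

    upd.image[3] ^= 0x01;     /* tamper with the staged image */
    bits = 1u << SUBSYS_PXE;
    printf("tampered update: result=%d locked=%d rom[3]=0x%02X\n",
           option_rom_update(&bits, SUBSYS_PXE, &nic, &upd, 0xC0FFEEu),
           nic.write_locked, (unsigned)nic.rom[3]);
    return 0;
}
```
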
Description
- 1. Field of the Invention
- The present invention relates in general to the field of information handling system firmware updates, and more particularly to information handling system secure option ROM firmware updates.
- 2. Description of the Related Art
- As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
- Information handling systems are typically built from a variety of components that cooperate to process information. For example, a central processing unit (CPU) runs applications to perform desired functions, such as word processing, multimedia content presentation, web browsing and e-mail. End users interact with applications through a variety of auxiliary subsystems built from the components. Auxiliary subsystems input information for use by the applications and present information processed by the applications. Some examples of auxiliary subsystems include a video subsystem that processes information to generate visual image information for presentation at a display, SCSI subsystems that support communications with storage devices such as hard disk drives and optical drives, and network subsystems that support communications with networks to perform functions such as a PXE network boot.
- Information handling systems typically coordinate the interaction between applications running on a CPU and physical components with an operating system that also runs on the CPU. In addition, information handling systems generally have a system boot and initialization firmware architecture that provides the operating system with access to physical components, such as a Basic Input/Output System (BIOS). The BIOS is a set of firmware instructions that run on physical components generally referred to as the chipset. During initialization of an information handling system, the BIOS coordinates a boot of the operating system from persistent storage, such as a hard disk drive, to an operational state running on the CPU and also typically stored in random access memory (RAM) interfaced with the CPU. In addition to the BIOS, other firmware instructions known as option ROMs are typically included to support operation of auxiliary subsystems. Option ROMs are autonomous pieces of firmware which control the boot and configuration of auxiliary subsystems within a platform and in some instances also serve as runtime code for some types of subsystems. For example, a video BIOS option ROM is typically loaded early in boot to coordinate operations of the video subsystem with the main BIOS and operating system so that information can be presented at a display. Other examples of option ROMs include a SCSI BIOS option ROM that makes storage devices visible to other components during boot and a network boot ROM, such as a PXE option ROM that supports boot of the information handling system from a network interface.
- One difficulty with information handling systems is that malicious code executing on a physical component can compromise information stored on an information handling system and can even lead to failure of the information handling system. Although malicious code is most commonly targeted at applications and operating systems running on an information handling system, successful attacks by malicious code on an information handling system's firmware present a high risk because firmware runs at a more privileged level than most anti-malware tools available today. In response to the threat presented by malicious software attacks on firmware, a number of secure platform initiatives have been initiated, such as NIST 800-147, which strive to protect the main platform BIOS from malicious attack. However, these efforts generally do not address security issues related to all pieces of firmware, such as option ROMs.
- Some efforts are made to protect option ROMs from malicious code during updates of option ROM firmware. One way of protecting option ROMs is to write-protect the option ROM to prevent any updates to the firmware code. Another way to protect option ROMs is to allow updates only through an option ROM subsystem code which initiates an update and connects directly with an update source. A third way to protect option ROMs is to program option ROM firmware to allow an update cycle to be initiated by the host platform CPU. Having a write-protect that prevents any updates limits maintenance options for the option ROM, such as to respond to difficulties that might arise over time with the execution of firmware instructions on different types of platforms. Allowing updates managed by an external network location or a host CPU will provide option ROM maintenance but also offer attack surfaces, such as reliance on third party suppliers to provide safe updates and a secure delivery mechanism.
- Therefore a need has arisen for a system and method which supports secure option ROM firmware updates.
- In accordance with the present invention, a system and method are provided which substantially reduce the disadvantages and problems associated with previous methods and systems for performing option ROM firmware updates. Secure option ROM updates are managed with an option ROM updater that executes in conjunction with information handling system initialization firmware in a centralized manner.
- More specifically, an information handling system is built from plural processing components that cooperate to process information. System initialization firmware, such as a BIOS, checks for an option ROM update enable bit upon system initialization and responds to detection of a bit by retrieving an option ROM update from a predetermined memory location for execution at the BIOS. The option ROM update executes an updater that writes updated option ROM firmware instructions to an auxiliary subsystem associated with the option ROM update enable bits. The option ROM updater uses a secure key to unlock a write protect of flash memory on the auxiliary subsystem that stores the option ROM so that the updated option ROM instructions can be written to the flash memory. After the updated option ROM instructions are written, the flash memory write protect is re-locked to prevent unauthorized tampering with the option ROM.
- The present invention provides a number of important technical advantages. One example of an important technical advantage is that secure option ROM updates are provided with a deterministic methodology that ensures the pedigree and robustness of information handling system firmware. Centralized control of option ROM firmware updates reduces the reliance upon third parties and suppliers to deliver secure code and increases the assurance that firmware introduced for option ROM updates does not include malicious code. Option ROMs appear write-protected to any malicious code that attempts to corrupt an option ROM; however, the ability to update the option ROM remains available with an update mechanism of the BIOS that authorizes removal of the write protect. Option ROM updates initiated with an update bit at the BIOS provide flexibility to maintain information handling system auxiliary subsystems while reducing the risk of entry of malicious code at the firmware level of the information handling system.
- The present invention may be better understood, and its numerous objects, features and advantages made apparent to those skilled in the art by referencing the accompanying drawings. The use of the same reference number throughout the several figures designates a like or similar element.
- FIG. 1 depicts a block diagram of a system for secure option ROM updates;
- FIG. 2 depicts a flow diagram of a process for setting an information handling system BIOS option ROM update enable bits; and
- FIG. 3 depicts a flow diagram of a process for securely updating an option ROM.
- Information handling system option ROMs are updated in a secure manner with initialization firmware management. For purposes of this disclosure, an information handling system may include any instrumentality or aggregate of instrumentalities operable to compute, classify, process, transmit, receive, retrieve, originate, switch, store, display, manifest, detect, record, reproduce, handle, or utilize any form of information, intelligence, or data for business, scientific, control, or other purposes. For example, an information handling system may be a personal computer, a network storage device, or any other suitable device and may vary in size, shape, performance, functionality, and price. The information handling system may include random access memory (RAM), one or more processing resources such as a central processing unit (CPU) or hardware or software control logic, ROM, and/or other types of nonvolatile memory. Additional components of the information handling system may include one or more disk drives, one or more network ports for communicating with external devices as well as various input and output (I/O) devices, such as a keyboard, a mouse, and a video display. The information handling system may also include one or more buses operable to transmit communications between the various hardware components.
- Referring now to FIG. 1, a block diagram depicts a system for secure option ROM updates. An information handling system 10 processes information with plural components, such as a processor 12 that executes instructions and a memory 14 that stores instructions in support of operations performed on processor 12. A chipset 16 interfaces with processor 12 to coordinate communication on a physical level between processor 12 and other components of the information handling system, such as a video subsystem 18, a storage controller 20 and a network interface card 22, each of which are auxiliary subsystems of information handling system 10. Chipset 16 includes a variety of integrated circuits and flash memory that execute and store firmware instructions for managing physical components of information handling system 10. For example, a basic input/output system (BIOS) 24 stored as firmware in chipset 16 executes to initialize information handling system to an operational state, such as upon initial power-up.
- During initialization, BIOS 24 retrieves an operating system 26 from persistent memory to run on processor 12, such as by retrieving the operating system from a hard disk drive 28 or from a network location with network interface card 22. A storage controller option ROM 30 executing on storage controller 20 initializes operation of storage controller 20 to provide communication between BIOS 24 and hard disk drive 28, such as with an SCSI protocol. Alternatively, PXE option ROM 32 executing on network interface card 22 initializes operation of network interface card 22 to provide communication between BIOS 24 and a network storage location having operating system 26 to support a PXE boot. During initialization of information handling system 10, a video subsystem option ROM 34, also known as a video BIOS, executes on video subsystem 18 to establish communication with BIOS 24 and present information from BIOS 24 at a display 36.
- An option ROM update application 38 running over operating system 26 and an option ROM updater running on chipset 16 with BIOS 24 cooperate in order to update option ROMs stored in firmware of auxiliary subsystems, such as storage controller option ROM 30, PXE option ROM 32 and video BIOS option ROM 34. Option ROM update application 38 retrieves option ROM updates and stores the option ROM updates in memory, such as an update capsule pre-primed on information handling system 10 or a defined location in memory, like a predetermined location in SMM, in RAM 14 or in hard disk drive 28. For example, option ROM update application 38 periodically inquires through network 42, such as the Internet, with an option ROM update network location 44 to identify and download option ROM updates for auxiliary subsystems of information handling system 10. Once an option ROM update is retrieved and stored in memory, such as option ROM update 46 stored in hard disk drive 28, option ROM update application 38 sets option ROM update enable bits 48 in BIOS 24 for detection upon the next boot of information handling system 10. In one embodiment, option ROM update application 38 initiates a boot of information handling system 10 once option ROM update enable bits 48 are set so that the option ROM update begins with system initialization by BIOS 24. In an alternative embodiment, some or all of the functions of option ROM update application 38 are performed through BIOS 24 to further enhance option ROM update security. For instance, an end user interacts with BIOS 24 to set option ROM update enable bits 48 through a system management interface 50 presented by BIOS 24 so that option ROM update enable bits 48 are not selectable through an application running over operating system 26, which typically has a greater risk of malware attacks than BIOS 24.
- Once option ROM update enable
bits 48 are set to identify an option ROM update for an auxiliary subsystem option ROM, a boot ofinformation handling system 10 begins initialization ofBIOS 24 and execution ofoption ROM updater 40 in conjunction withBIOS 24.Option ROM updater 40 checks the option ROM update enablebits 48 to determine whether an option ROM update is available for execution on an auxiliary subsystem beforeBIOS 24initializes operating system 26. If an option ROM update enablebit 48 is set, thenoption ROM updater 40 initiates installation of the option ROM update on the auxiliary subsystem. In one embodiment, the identity of the option ROM update enable bit providesoption ROM updater 40 with the identity of the auxiliary subsystem having an option ROM update for installation.Option ROM updater 40 first locates the option update from memory. In one embodiment,option ROM updater 40 retrieves a secure network address, such as a URL, from the option ROM stored on the auxiliary subsystem and retrieves an option ROM update from the network location. In another embodiment,option ROM updater 40 retrieves a memory address from the option ROM stored on the auxiliary subsystem that defines where updates are stored in memory ofinformation handling system 10, such as predefined address inhard disk drive 28. - Once
option ROM updater 40 has located the option ROM update associated with an update enablebit 48 set inBIOS 24,option ROM updater 40 executes asecurity module 52 to authenticate the option ROM update so that malware is not inadvertently copied to the auxiliary subsystem with an update. For example,security module 52 authenticates the option ROM update with a PKI infrastructure, a secure hash delivered with the option ROM update or an inherent trust of a secure code repository confirmed bysecurity module 52. Oncesecurity module 52 confirms the authenticity of an option ROM update,security module 52 provides a key to a write-protectmodule 54 that locks and unlocks write protection of flash memory that stores the option ROM of the auxiliary subsystem subject to an option ROM update. During normal operations ofinformation handling system 10, write protectmodule 54 locks write protection at the auxiliary subsystem so that other systems cannot write to the flash memory of the auxiliary subsystem. When an update is authenticated bysecurity module 52, write protectmodule 54 receives a secure key to unlock write protection at the auxiliary subsystem andoption ROM updater 40 copiesoption ROM update 46 from memory to the auxiliary subsystem. Once the option ROM update is complete, the hash of the option ROM is confirmed and then write protectmodule 54 locks write protection of the auxiliary subsystem. -
Option ROM updater 40 may include distributed modules that cooperate between hardware components to install an option ROM update. In one embodiment, option ROM updater logic residing onchipset 16 withBIOS 24 initially only checks for update enablebits 48 to determine that an option ROM update is ready. Other logic for preparing option ROM firmware instructions and writing the firmware instructions to flash memory of an auxiliary subsystem are stored inoption ROM update 46 and executed on eitherBIOS 24 or on the auxiliary subsystem itself. For example, logic ofoption ROM updater 40 detects an update enablebit 48 and, in response, retrievesoption ROM update 46 toBIOS 24.Option ROM update 46 includes additional logic ofoption ROM update 40, which executes at the BIOS to write option ROM update firmware instructions to the auxiliary subsystem option ROM being updated. In alternative embodiments, option ROM updater can have logical modules disposed across other hardware and firmware components.Option ROM updater 40 can include standardized functions to unlock write protection of an option ROM and to execute an option ROM code update. Alternatively, each auxiliary subsystem that has an updateable option ROM provides its update code upon first enumeration at an information handling system platform, such as for storage inBIOS 24 for use when an option ROM update bit is set. - Referring now to
FIG. 2 , a flow diagram depicts a process for setting an information handling system BIOS option ROM update enable bits. The process begins atstep 56 with initiation of an option ROM update application running over the operating system. Atstep 58, the option ROM update application executes to determine that an option ROM update exists for an auxiliary subsystem of the information handling system. Atstep 60, the option ROM update is retrieved and copied to a predetermined memory location, such as a defined address of a hard disk drive on the information handling system. Atstep 62, the option ROM update application sets an option ROM update enable bit for the BIOS to read on the next initialization of the information handling system. Atstep 64, the option ROM update application initiates a reboot of the information handling system, such as by requesting an end user to re-boot to install the new option ROM. - Referring now to
FIG. 3 , a flow diagram depicts a process for securely updating an option ROM. The process begins atstep 66 with detection upon system initialization of an option ROM update enable bit set in the BIOS or other system initialization firmware. Atstep 68, the option ROM update is loaded to the initialization firmware for execution, such as on a processor within the system chipset that supports the BIOS. At step 70 a determination is made of whether the option ROM update is authentic, such as by comparison with a secure hash in the option ROM update. If the option ROM update is not authentic, the process continues to step 72 to issue an option ROM update failure message and ends at step 80. If the determination atstep 70 is that the option ROM is authentic, the process continues to step 74 to unlock the write protect of the flash memory that stores the option ROM. Atstep 76, the option ROM updater executing with the BIOS updates the option ROM firmware by writing the updated firmware in the flash memory of the auxiliary subsystem. Atstep 78, once the option ROM update is written to the auxiliary subsystem, the firmware write protection is re-enabled to prevent unauthorized changes to the option ROM, and the process ends at step 80. - Although the present invention has been described in detail, it should be understood that various changes, substitutions and alterations can be made hereto without departing from the spirit and scope of the invention as defined by the appended claims.
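The FIG. 3 flow (steps 66 to 78) and the key hand-off between security module 52 and write-protect module 54 can be modelled in a few dozen lines; this is an added illustration, not code from the patent or from any vendor firmware. The class and function names, the use of SHA-256, a trusted digest table held on the BIOS side, and clearing the enable bit after a single attempt are all assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass


class FlashWriteProtected(Exception):
    """A write reached option ROM flash while write protection was locked."""


@dataclass
class AuxSubsystem:
    """Constructed stand-in for an auxiliary subsystem and its option ROM flash."""
    name: str
    flash: bytes
    unlock_key: bytes          # assumption: known only to the security module
    locked: bool = True        # normal operation: write protection locked
    fail_write: bool = False   # hook to simulate a flash error mid-write

    def unlock(self, key):
        if key is not None and hmac.compare_digest(key, self.unlock_key):
            self.locked = False
        return not self.locked

    def lock(self):
        self.locked = True

    def write(self, image):
        if self.locked:
            raise FlashWriteProtected(self.name)
        if self.fail_write:
            self.flash = image[: len(image) // 2]   # partial image left behind
            raise IOError("flash write failed")
        self.flash = image


@dataclass
class SecurityModule:
    """Authenticates an update and releases the unlock key only on success."""
    trusted_digests: dict   # subsystem name -> SHA-256 hex; assumed held by BIOS
    unlock_keys: dict       # subsystem name -> write-protect key

    def is_authentic(self, name, image):
        expected = self.trusted_digests.get(name)
        if expected is None:            # no trusted reference: fail closed
            return False
        actual = hashlib.sha256(image).hexdigest()
        return hmac.compare_digest(actual, expected)

    def release_key(self, name, image):
        return self.unlock_keys.get(name) if self.is_authentic(name, image) else None


def boot_time_update(enable_bits, security, subsystem, staged_image):
    """FIG. 3 flow, run before the operating system is initialized."""
    if subsystem.name not in enable_bits:                       # step 66
        return "no-update-pending"
    enable_bits.discard(subsystem.name)   # assumption: one attempt per request
    key = security.release_key(subsystem.name, staged_image)    # steps 68-70
    if key is None:
        return "rejected-not-authentic"                         # step 72
    if not subsystem.unlock(key):                               # step 74
        return "unlock-refused"
    try:
        subsystem.write(staged_image)                           # step 76
        # Read back and confirm the hash of what is now in flash.
        confirmed = security.is_authentic(subsystem.name, subsystem.flash)
    except IOError:
        confirmed = False
    finally:
        subsystem.lock()                                        # step 78, every path
    return "updated" if confirmed else "write-failed"


# Constructed sample images; 0x55 0xAA is the option ROM header signature.
OLD_ROM = b"\x55\xaa" + b"constructed PXE option ROM v1"
NEW_ROM = b"\x55\xaa" + b"constructed PXE option ROM v2"
TAMPERED_ROM = NEW_ROM + b"\x90"


def make_system(fail_write=False):
    key = b"constructed-unlock-key"
    nic = AuxSubsystem("pxe", OLD_ROM, key, fail_write=fail_write)
    security = SecurityModule({"pxe": hashlib.sha256(NEW_ROM).hexdigest()},
                              {"pxe": key})
    return nic, security


if __name__ == "__main__":
    for label, image in (("authentic", NEW_ROM), ("tampered", TAMPERED_ROM)):
        nic, security = make_system()
        result = boot_time_update({"pxe"}, security, nic, image)
        print(label, result, "locked" if nic.locked else "UNLOCKED")
```

The reference digest here sits outside the update package: a hash that travels only inside the same package detects corruption, but it does not authenticate the image unless the hash itself is signed or otherwise trusted.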
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/445,363 US8898797B2 (en) | 2012-04-12 | 2012-04-12 | Secure option ROM firmware updates |
Publications (2)
Publication Number | Publication Date |
---|---|
US20130276128A1 true US20130276128A1 (en) | 2013-10-17 |
US8898797B2 US8898797B2 (en) | 2014-11-25 |
Family
ID=49326351
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/445,363 Active 2032-08-19 US8898797B2 (en) | 2012-04-12 | 2012-04-12 | Secure option ROM firmware updates |
Country Status (1)
Country | Link |
---|---|
US (1) | US8898797B2 (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9015694B2 (en) | 2012-10-31 | 2015-04-21 | Aruba Networks, Inc | Cloud-based firmware distribution service |
TWI493463B (en) * | 2013-10-30 | 2015-07-21 | Insyde Software Corp | Electronic device, universal extension firmware interface Basic input and output system firmware update method, recording media and computer program products |
US20180121191A1 (en) * | 2016-11-03 | 2018-05-03 | Digi International Inc. | System and methods for wireless firmware upgrades using one-way broadcast transmissions |
US10621354B2 (en) * | 2018-02-22 | 2020-04-14 | Dell Products, L.P. | Verifying basic input/output system (BIOS) boot block code |
US10691448B2 (en) * | 2018-08-18 | 2020-06-23 | Dell Products, L.P. | Method and apparatus to execute BIOS firmware before committing to flash memory |
US10713060B2 (en) | 2018-08-02 | 2020-07-14 | Micron Technology, Inc. | Configurable option ROM |
CN113986361A (en) * | 2021-10-21 | 2022-01-28 | 山东云海国创云计算装备产业创新中心有限公司 | Out-of-band setting method, system and related device of BIOS option |
US20220067162A1 (en) * | 2019-05-15 | 2022-03-03 | Hewlett-Packard Development Company, L.P. | Update signals |
US11392391B2 (en) * | 2020-02-03 | 2022-07-19 | Dell Products L.P. | Selectively updating a bios image |
US11416614B2 (en) * | 2020-07-01 | 2022-08-16 | Dell Products L.P. | Statistical detection of firmware-level compromises |
EP3904161A4 (en) * | 2018-12-28 | 2022-09-07 | Hitachi Astemo, Ltd. | Information processing device |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9542201B2 (en) | 2015-02-25 | 2017-01-10 | Quanta Computer, Inc. | Network bios management |
WO2018199893A1 (en) | 2017-04-24 | 2018-11-01 | Hewlett-Packard Development Company, L.P. | Displaying a bios update progress |
US11900128B2 (en) * | 2021-09-29 | 2024-02-13 | Dell Products L.P. | Modularized basic input output system (BIOS) firmware activation |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070204144A1 (en) * | 2000-02-14 | 2007-08-30 | Gafken Andrew H | Modular BIOS update mechanism |
US20090271600A1 (en) * | 2008-04-24 | 2009-10-29 | Dell Products, Lp | Method of using an information handling system having a boot file, and an information handling system and machine-executable code for carrying out the method |
US20100058306A1 (en) * | 2008-08-26 | 2010-03-04 | Terry Wayne Liles | System and Method for Secure Information Handling System Flash Memory Access |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7590837B2 (en) | 2003-08-23 | 2009-09-15 | Softex Incorporated | Electronic device security and tracking system and method |
US7644259B2 (en) | 2005-10-18 | 2010-01-05 | Lsi Corporation | Customization of option ROM images |
US9026771B2 (en) | 2007-04-27 | 2015-05-05 | Hewlett-Packard Development Company, L.P. | Secure computer system update |
US20090070593A1 (en) | 2007-09-07 | 2009-03-12 | Authentec, Inc. | Finger sensing apparatus using unique session key and associated methods |
-
2012
- 2012-04-12 US US13/445,363 patent/US8898797B2/en active Active
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9015694B2 (en) | 2012-10-31 | 2015-04-21 | Aruba Networks, Inc | Cloud-based firmware distribution service |
TWI493463B (en) * | 2013-10-30 | 2015-07-21 | Insyde Software Corp | Electronic device, universal extension firmware interface Basic input and output system firmware update method, recording media and computer program products |
US20180121191A1 (en) * | 2016-11-03 | 2018-05-03 | Digi International Inc. | System and methods for wireless firmware upgrades using one-way broadcast transmissions |
US10466994B2 (en) * | 2016-11-03 | 2019-11-05 | Digi International Inc. | System and methods for wireless firmware upgrades using one-way broadcast transmissions |
US10621354B2 (en) * | 2018-02-22 | 2020-04-14 | Dell Products, L.P. | Verifying basic input/output system (BIOS) boot block code |
US11157625B2 (en) * | 2018-02-22 | 2021-10-26 | Dell Products, L.P. | Verifying basic input/output system (BIOS) boot block code |
US10713060B2 (en) | 2018-08-02 | 2020-07-14 | Micron Technology, Inc. | Configurable option ROM |
US11301260B2 (en) | 2018-08-02 | 2022-04-12 | Micron Technology, Inc. | Configurable option ROM |
US10691448B2 (en) * | 2018-08-18 | 2020-06-23 | Dell Products, L.P. | Method and apparatus to execute BIOS firmware before committing to flash memory |
EP3904161A4 (en) * | 2018-12-28 | 2022-09-07 | Hitachi Astemo, Ltd. | Information processing device |
US20220067162A1 (en) * | 2019-05-15 | 2022-03-03 | Hewlett-Packard Development Company, L.P. | Update signals |
US11755739B2 (en) * | 2019-05-15 | 2023-09-12 | Hewlett-Packard Development Company, L.P. | Update signals |
US11392391B2 (en) * | 2020-02-03 | 2022-07-19 | Dell Products L.P. | Selectively updating a bios image |
US11416614B2 (en) * | 2020-07-01 | 2022-08-16 | Dell Products L.P. | Statistical detection of firmware-level compromises |
CN113986361A (en) * | 2021-10-21 | 2022-01-28 | 山东云海国创云计算装备产业创新中心有限公司 | Out-of-band setting method, system and related device of BIOS option |
Also Published As
Publication number | Publication date |
---|---|
US8898797B2 (en) | 2014-11-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8898797B2 (en) | Secure option ROM firmware updates | |
US11113404B2 (en) | Securing operating system configuration using hardware | |
US10754955B2 (en) | Authenticating a boot path update | |
US8028172B2 (en) | Systems and methods for updating a secure boot process on a computer with a hardware security module | |
US9880908B2 (en) | Recovering from compromised system boot code | |
TWI441024B (en) | Method and system for security protection for memory content of processor main memory | |
US11409884B2 (en) | Security profiling of system firmware and applications from an OOB appliance at a differentiated trust boundary | |
JP4793733B2 (en) | High integrity firmware | |
CN107092495B (en) | Platform firmware armoring technology | |
TWI559167B (en) | A unified extensible firmware interface(uefi)-compliant computing device and a method for administering a secure boot in the uefi-compliant computing device | |
US7506380B2 (en) | Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module | |
US11086998B2 (en) | Modifiable policy action secure boot violation system | |
US10706153B2 (en) | Preventing malicious cryptographic erasure of storage devices | |
EP3028147B1 (en) | Updating boot code | |
US8146150B2 (en) | Security management in multi-node, multi-processor platforms | |
US20140115316A1 (en) | Boot loading of secure operating system from external device | |
US9870472B2 (en) | Detecting malign code in unused firmware memory | |
US10146704B2 (en) | Volatile/non-volatile memory device access provisioning system | |
US9292664B2 (en) | Key injection tool | |
Cooper et al. | BIOS protection guidelines | |
US11436324B2 (en) | Monitoring parameters of controllers for unauthorized modification | |
US10938831B2 (en) | Methods and apparatus to enable services to run in multiple security contexts | |
US11200065B2 (en) | Boot authentication | |
WO2007098642A1 (en) | MECHANlSM FOR ACCESS CONTROL OF COMPUTING SYSTEM IN PRE-OS STAGE | |
US11960372B2 (en) | Verified callback chain for bios security in an information handling system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: DELL PRODUCTS L.P., TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KONETSKI, DAVID;MOLSBERRY, FRANK;MARTINEZ, RICARDO L.;SIGNING DATES FROM 20120410 TO 20120412;REEL/FRAME:028036/0536 |
|
FEPP | Fee payment procedure |
Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
AS | Assignment |
Owner name: BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT, TEXAS Free format text: PATENT SECURITY AGREEMENT (ABL);ASSIGNORS:DELL INC.;APPASSURE SOFTWARE, INC.;ASAP SOFTWARE EXPRESS, INC.;AND OTHERS;REEL/FRAME:031898/0001 Effective date: 20131029 Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH CAROLINA Free format text: PATENT SECURITY AGREEMENT (TERM LOAN);ASSIGNORS:DELL INC.;APPASSURE SOFTWARE, INC.;ASAP SOFTWARE EXPRESS, INC.;AND OTHERS;REEL/FRAME:031899/0261 Effective date: 20131029 Owner name: BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS FIRST LIEN COLLATERAL AGENT, TEXAS Free format text: PATENT SECURITY AGREEMENT (NOTES);ASSIGNORS:APPASSURE SOFTWARE, INC.;ASAP SOFTWARE EXPRESS, INC.;BOOMI, INC.;AND OTHERS;REEL/FRAME:031897/0348 Effective date: 20131029 Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH Free format text: PATENT SECURITY AGREEMENT (TERM LOAN);ASSIGNORS:DELL INC.;APPASSURE SOFTWARE, INC.;ASAP SOFTWARE EXPRESS, INC.;AND OTHERS;REEL/FRAME:031899/0261 Effective date: 20131029 Owner name: BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS FI Free format text: PATENT SECURITY AGREEMENT (NOTES);ASSIGNORS:APPASSURE SOFTWARE, INC.;ASAP SOFTWARE EXPRESS, INC.;BOOMI, INC.;AND OTHERS;REEL/FRAME:031897/0348 Effective date: 20131029 Owner name: BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT, TE Free format text: PATENT SECURITY AGREEMENT (ABL);ASSIGNORS:DELL INC.;APPASSURE SOFTWARE, INC.;ASAP SOFTWARE EXPRESS, INC.;AND OTHERS;REEL/FRAME:031898/0001 Effective date: 20131029 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: DELL INC., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:040065/0216 Effective date: 20160907 Owner name: APPASSURE SOFTWARE, INC., VIRGINIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:040065/0216 Effective date: 20160907 Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:040065/0216 Effective date: 20160907 Owner name: WYSE TECHNOLOGY L.L.C., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:040065/0216 Effective date: 20160907 Owner name: DELL MARKETING L.P., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:040065/0216 Effective date: 20160907 Owner name: FORCE10 NETWORKS, INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:040065/0216 Effective date: 20160907 Owner name: ASAP SOFTWARE EXPRESS, INC., ILLINOIS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:040065/0216 Effective date: 20160907 Owner name: COMPELLANT TECHNOLOGIES, INC., MINNESOTA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:040065/0216 Effective date: 20160907 Owner name: PEROT SYSTEMS CORPORATION, TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:040065/0216 Effective date: 20160907 Owner name: DELL USA L.P., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:040065/0216 Effective date: 20160907 Owner name: CREDANT TECHNOLOGIES, INC., TEXAS Free format text: RELEASE BY SECURED 
PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:040065/0216 Effective date: 20160907 Owner name: SECUREWORKS, INC., GEORGIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:040065/0216 Effective date: 20160907 Owner name: DELL SOFTWARE INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:040065/0216 Effective date: 20160907 |
|
AS | Assignment |
Owner name: ASAP SOFTWARE EXPRESS, INC., ILLINOIS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:040040/0001 Effective date: 20160907 Owner name: PEROT SYSTEMS CORPORATION, TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:040040/0001 Effective date: 20160907 Owner name: WYSE TECHNOLOGY L.L.C., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:040040/0001 Effective date: 20160907 Owner name: SECUREWORKS, INC., GEORGIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:040040/0001 Effective date: 20160907 Owner name: FORCE10 NETWORKS, INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:040040/0001 Effective date: 20160907 Owner name: APPASSURE SOFTWARE, INC., VIRGINIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:040040/0001 Effective date: 20160907 Owner name: COMPELLENT TECHNOLOGIES, INC., MINNESOTA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:040040/0001 Effective date: 20160907 Owner name: DELL MARKETING L.P., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:040040/0001 Effective date: 20160907 Owner name: DELL INC., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:040040/0001 Effective date: 20160907 Owner name: CREDANT TECHNOLOGIES, INC., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:040040/0001 Effective date: 20160907 Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL 
AGENT;REEL/FRAME:040040/0001 Effective date: 20160907 Owner name: DELL SOFTWARE INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:040040/0001 Effective date: 20160907 Owner name: DELL USA L.P., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:040040/0001 Effective date: 20160907 Owner name: DELL USA L.P., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT;REEL/FRAME:040065/0618 Effective date: 20160907 Owner name: COMPELLENT TECHNOLOGIES, INC., MINNESOTA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT;REEL/FRAME:040065/0618 Effective date: 20160907 Owner name: DELL INC., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT;REEL/FRAME:040065/0618 Effective date: 20160907 Owner name: FORCE10 NETWORKS, INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT;REEL/FRAME:040065/0618 Effective date: 20160907 Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT;REEL/FRAME:040065/0618 Effective date: 20160907 Owner name: WYSE TECHNOLOGY L.L.C., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT;REEL/FRAME:040065/0618 Effective date: 20160907 Owner name: PEROT SYSTEMS CORPORATION, TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT;REEL/FRAME:040065/0618 Effective date: 20160907 Owner name: DELL MARKETING L.P., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF NEW YORK MELLON TRUST COMPANY, N.A., 
AS COLLATERAL AGENT;REEL/FRAME:040065/0618 Effective date: 20160907 Owner name: DELL SOFTWARE INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT;REEL/FRAME:040065/0618 Effective date: 20160907 Owner name: ASAP SOFTWARE EXPRESS, INC., ILLINOIS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT;REEL/FRAME:040065/0618 Effective date: 20160907 Owner name: SECUREWORKS, INC., GEORGIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT;REEL/FRAME:040065/0618 Effective date: 20160907 Owner name: APPASSURE SOFTWARE, INC., VIRGINIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT;REEL/FRAME:040065/0618 Effective date: 20160907 Owner name: CREDANT TECHNOLOGIES, INC., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT;REEL/FRAME:040065/0618 Effective date: 20160907 |
|
AS | Assignment |
Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT, NORTH CAROLINA Free format text: SECURITY AGREEMENT;ASSIGNORS:ASAP SOFTWARE EXPRESS, INC.;AVENTAIL LLC;CREDANT TECHNOLOGIES, INC.;AND OTHERS;REEL/FRAME:040134/0001 Effective date: 20160907 Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT, TEXAS Free format text: SECURITY AGREEMENT;ASSIGNORS:ASAP SOFTWARE EXPRESS, INC.;AVENTAIL LLC;CREDANT TECHNOLOGIES, INC.;AND OTHERS;REEL/FRAME:040136/0001 Effective date: 20160907 Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLAT Free format text: SECURITY AGREEMENT;ASSIGNORS:ASAP SOFTWARE EXPRESS, INC.;AVENTAIL LLC;CREDANT TECHNOLOGIES, INC.;AND OTHERS;REEL/FRAME:040134/0001 Effective date: 20160907 Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., A Free format text: SECURITY AGREEMENT;ASSIGNORS:ASAP SOFTWARE EXPRESS, INC.;AVENTAIL LLC;CREDANT TECHNOLOGIES, INC.;AND OTHERS;REEL/FRAME:040136/0001 Effective date: 20160907 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551) Year of fee payment: 4 |
|
AS | Assignment |
Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., T Free format text: SECURITY AGREEMENT;ASSIGNORS:CREDANT TECHNOLOGIES, INC.;DELL INTERNATIONAL L.L.C.;DELL MARKETING L.P.;AND OTHERS;REEL/FRAME:049452/0223 Effective date: 20190320 Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., TEXAS Free format text: SECURITY AGREEMENT;ASSIGNORS:CREDANT TECHNOLOGIES, INC.;DELL INTERNATIONAL L.L.C.;DELL MARKETING L.P.;AND OTHERS;REEL/FRAME:049452/0223 Effective date: 20190320 |
|
AS | Assignment |
Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., TEXAS Free format text: SECURITY AGREEMENT;ASSIGNORS:CREDANT TECHNOLOGIES INC.;DELL INTERNATIONAL L.L.C.;DELL MARKETING L.P.;AND OTHERS;REEL/FRAME:053546/0001 Effective date: 20200409 |
|
AS | Assignment |
Owner name: WYSE TECHNOLOGY L.L.C., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: SCALEIO LLC, MASSACHUSETTS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: MOZY, INC., WASHINGTON Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: MAGINATICS LLC, CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: FORCE10 NETWORKS, INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: EMC IP HOLDING COMPANY LLC, TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: EMC CORPORATION, MASSACHUSETTS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: DELL SYSTEMS CORPORATION, TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: DELL SOFTWARE INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: DELL MARKETING L.P., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 
Owner name: DELL INTERNATIONAL, L.L.C., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: DELL USA L.P., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: CREDANT TECHNOLOGIES, INC., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: AVENTAIL LLC, CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 Owner name: ASAP SOFTWARE EXPRESS, INC., ILLINOIS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001 Effective date: 20211101 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |
|
AS | Assignment |
Owner name: SCALEIO LLC, MASSACHUSETTS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001 Effective date: 20220329 Owner name: EMC IP HOLDING COMPANY LLC (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO MOZY, INC.), TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001 Effective date: 20220329 Owner name: EMC CORPORATION (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO MAGINATICS LLC), MASSACHUSETTS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001 Effective date: 20220329 Owner name: DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO FORCE10 NETWORKS, INC. AND WYSE TECHNOLOGY L.L.C.), TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001 Effective date: 20220329 Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001 Effective date: 20220329 Owner name: DELL INTERNATIONAL L.L.C., TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001 Effective date: 20220329 Owner name: DELL USA L.P., TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001 Effective date: 20220329 Owner name: DELL MARKETING L.P. (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO CREDANT TECHNOLOGIES, INC.), TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001 Effective date: 20220329 Owner name: DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO ASAP SOFTWARE EXPRESS, INC.), TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001 Effective date: 20220329 |
|
AS | Assignment |
Owner name: SCALEIO LLC, MASSACHUSETTS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001 Effective date: 20220329 Owner name: EMC IP HOLDING COMPANY LLC (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO MOZY, INC.), TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001 Effective date: 20220329 Owner name: EMC CORPORATION (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO MAGINATICS LLC), MASSACHUSETTS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001 Effective date: 20220329 Owner name: DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO FORCE10 NETWORKS, INC. AND WYSE TECHNOLOGY L.L.C.), TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001 Effective date: 20220329 Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001 Effective date: 20220329 Owner name: DELL INTERNATIONAL L.L.C., TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001 Effective date: 20220329 Owner name: DELL USA L.P., TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001 Effective date: 20220329 Owner name: DELL MARKETING L.P. (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO CREDANT TECHNOLOGIES, INC.), TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001 Effective date: 20220329 Owner name: DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO ASAP SOFTWARE EXPRESS, INC.), TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001 Effective date: 20220329 |